Google Chrome is exploring an innovative way to prevent malicious websites from breaching people’s home networks. The browser will soon receive a feature dubbed “Private Network Access protections”, which aims to mitigate cyber-attacks carried out through home devices. Those include printers and routers linked to your network through DNS routers.
New Google Chrome update protects against infiltration attempts
This new feature, expected to launch with Chrome v123, will run in warning-only mode. It acts as a virtual gatekeeper by examining requests that public websites make to your private network. Unlike other defenses, this one focuses on navigation. It examines suspicious requests so that the user’s private network stays safe from potential threats.
To demonstrate its effectiveness, Google gives an example on ChromeStatus where an HTML iframe on a public website attempts a CSRF attack that would alter the DNS configuration of the user’s router. If a publicly accessible site tries to reach an internal device, the browser first sends a preflight request carrying the ‘Access-Control-Request-Private-Network’ header. The internal device may then allow or disallow access.
Even if the checks fail during the initial warning stage, the feature does not block requests outright. Instead, developers will receive a warning in the DevTools console, giving them an opportunity to address these issues before any stricter enforcement. This precautionary approach lets developers adapt smoothly as they become familiar with the new security measures.
Auto-Reload may leave the Private Network Access Protection vulnerable
For this feature to work at all, however, BleepingComputer suggests that Google must first address one serious vulnerability: the auto-reload action. The suggestion is that if Private Network Access rejected a previous request, auto-reload must not be available. That way, the security protocol remains intact in the event of an accidental reload.
This innovation is driven by increasing concerns about third-party websites that take advantage of flaws in servers or routers located within users’ private networks. Such initiatives address risks like “SOHO Pharming” attacks and Cross-Site Request Forgery (CSRF) vulnerabilities, thus protecting local routers and software interfaces from being accessed without authorization.
2024-02-20 15:07:30